Could explain more your problem ?
On samba there are machine account for windows NT4, 2000, XP but no
separation between workstation and server and DC.
? A machine account is machine account, only WINS cares about the difference.
And also, there are no specific group for machine which are
As far as I know, it *HAS* to be done this way because the posixGroup
schema is way out of date (it wont take a dn as a member).
That is true, well the out of date part. It doesn't have to be done
this way.
This info
according to the gurus on the OpenLDAP list. In effect we have to keep
objectclass ( 1.3.6.1.4.1.6921.1.18
NAME 'nssBisGroup'
DESC 'Adds POSIX Attributes To A GroupOfNames'
SUP top
AUXILIARY
MUST ( cn, gidNumber )
MAY ( userPassword, description )
)
Uh... gee, on second thought I don't see how this is going to work with
the
Hi, the simple answer is dont use suse firewall,( iptables scripts are
easy to google )
and study more chapters from Samba Browsing
That's not very nice, the Suse 'firewall' is well written. And you can't
expect everyone to learn that much about paket filtering just to run samba.
And
[netlogon] is a special share. I would guess Windows mounts it more than
once when user logins but you should see it then with 'log level = 5' as
'cmd=/home/samba/scripts/create-login-script.sh adrian.h' line in smbd
logs. Have you tried to put this 'root preexec' into [home] share instead?
I am using a Samba PDC with OpenLDAP.
After updating my Samba 2.2.7 to version 3.0.7, I encountered the
following problem : All my Windows-clients are able to logon to the Domain
but it takes several minutes until the Client finally is logged on. If I
try to open a directory that is
Hi guys, I have a working samba and openldap pdc which is actively being
tested. I have a group of users that have specifics tools to use such as
oracle client tools (sqlplus etc). I tried to logon as a test user and run
the sqlplus but nothing happened, I tried adding this user to the local
I don't use MS products at all, so I have very little knowledge with them,
but I believe Microsoft has as protocol where Internet Explorer can
automatically authenticate against an IIS server, and given that the server
and client are on the same NT domain, and the client user is logged in
I'm planning a Samba3 new installation. I need to make Samba interact with
a third party directory server (it's a standard implementation that can be
accessed with ldapsearch, ldapadd, etc). Is it possible to use ldapsam
with an LDAP directory that's not running under OpenLDAP?
Yes; I've
I'm planning a Samba3 new installation. I need to make Samba interact
with
a third party directory server (it's a standard implementation that can
be
accessed with ldapsearch, ldapadd, etc). Is it possible to use ldapsam
with an LDAP directory that's not running under OpenLDAP?
Yes;
As it is relatively easy to have one LDAP database across all office
branches, I don't know how to make Samba 3 to read/retrieve
usernames/passwords from local OpenLDAP slave, but to write added
machines/changed passwords to the master OpenLDAP server (which would
then replicate the
I have recently installed a machine with the above mentioned
configuration. The machine will be a fax-server. It will only receive
(at the moment) faxes and store them on its hard-drive.
the problem is that all the faxes that I receive are either
black pages or they are white pages with a
I use samba 3.0.1pre1
I make a config.pol with .adm templates.
But, when I use it in netlogon, register are no set.
netlogon and config.pol have correct permissions.
Shouldn't it be ntconfig.pol?
--
To unsubscribe from this list go to the following URL and read the
instructions:
I thought the profile copy was smart and only copied files that had changed?
What can I do improve this performance?
Maybe theoretically, but we've seen it 'stupid' on frequent occasions.
Really best just to redirect the My Documents short cut to a real share
(such as a home directory) that
I thought the profile copy was smart and only copied files that had
changed? What can I do improve this performance?
Maybe theoretically, but we've seen it 'stupid' on frequent occasions.
Really best just to redirect the My Documents short cut to a real share
(such as a home directory)
I would like to have a DIT similar to this for my Samba server :
ou=People,dc=domain,dc=com: users accounts
ou=Group,dc=Domain,dc=com: groups
ou=Hosts,dc=domain,dc=com: machine accounts
ou=Samba,dc=domain,dc=com: Samba specific stuff, such as sambaDomain,
sambaUnixIdPool, etc
My
I use log.%M to get per client logs. This works but I always end up
with -
[EMAIL PROTECTED] root]# cd /var/log/samba
[EMAIL PROTECTED] samba]# ls -l log.pc01699
-rw-r--r--1 root root 2642617 Nov 12 07:30 log.pc01699
[EMAIL PROTECTED] samba]# host pc01699
pc01699.morrison.iserv.net
On Fri, Nov 12, 2004 at 08:26:54AM -0500, Adam Tauno Williams wrote:
I use log.%M to get per client logs. This works but I always end up
with -
[EMAIL PROTECTED] root]# cd /var/log/samba
[EMAIL PROTECTED] samba]# ls -l log.pc01699
-rw-r--r--1 root root 2642617 Nov 12 07:30
I have a couple of Windows 2000 boxes that only accept logons from users
who have logged onto the system before. For new users the logon
appears to succeed, proceeds to Loading your personal settings and
then the following error appears -
Windows cannot log you on because the profile cannot be
Are failed client logins on the XP clients logged anywhere ?
How about non-domain member clients accessing shares ?
It completely depends on your logging settings. Perhaps show your
smb.conf global section so we can tell.
In my setup, and from the looks of things around here, a lot of
Perhaps this is a stupid question, but if you are using a LDAP backend, is
there any requirement to have a userPassword for a user for them to be able
Only if you want to authenticate other services to the DSA.
to authenticate to a Samba PDC?
No (well, unless it is requried by schema).
Perhaps this is a stupid question, but if you are using a LDAP backend, is
there any requirement to have a userPassword for a user for them to be able
Only if you want to authenticate other services to the DSA.
to authenticate to a Samba PDC?
No (well, unless it is requried by schema).
I wonder if it is posible to write a VFS module to block the listing of
directory in a share?
The files inside the directory should be accesible for read/write
operations, but should be able to list the files in the directory.
Is that posible?
Can't you do this exact thing with UNIX
I just tested your settings and they seem to be working.
The auth takes much longer now, maybe because it is working.
When checking shares the getpwnam does not even get called any more.
I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log, I guess
that let's me know VFS was
the internet using openvpn. I've been told that samba (through no fault of
its own) doesn't work very well through a VPN.
Rubbish. I have a ~dozen users using it via a VPN, it works just the same as if
they were local (albiet more slowly, for obvious reasons).
I want the workstations in
If you find smb too slow, you should try using http to serve the files
across the VPN.
Set up apache to use samba authentication and you should be all set.
You could even run both Samba and Apache at the same time, and see for
yourself which works out better.
We use Davenport, which is a
I have a mixed network with windows macs using samba on Solaris9 for
file sharing.
When one of the macs opens a file (tex illustrator doc) then that file
remains locked even when the user has closed the doc.
When somebody else opens the file it becomes readonly. The file remains
listed
[Mitch says:] Sorry for butting in - and sorry if this is a dumb question -
but are you guys saying there is an existing PDF printer / spooler combo
that provides a PDF output option under Samba? Is this a 3rd party app or
where do I get started looking at this?
Yes, it is included with just
Result -m
[EMAIL PROTECTED] $OUTDIR/$DATE.pdf
rm $OUTDIR/$DATE.pdf
-
Adam Tauno Williams
Network Systems Administrator
Morrison Industries
Grand Rapids, Mi. USA
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org
[Mitch says:] D'oh! Ok- I've set that, still seeing the problem though -
without the error message (yes I was smart enough to restart smbd ;-)
Actually, changes to the smb.conf become live withing a few minutes,
you don't need to restart.
When the user logs on, the profile folder is created
Then I added this to my smb.conf
This won't work with printing = cups if Samba is linked against libcups...
[pdfprinter]
printing = lprng
This looks okay.
print command = /usr/bin/smbpdfmaker %s %U %m %I
Our share definition looks like -
[pdfconv]
path = /tmp
I'm currently developping a program that takes the smbtree output, parse it,
retrieve all connected workstations, then call nmblookup for each
workstation, resolve the IP, create a BIND zone file with this.
Why not use wins hook?
Now; to secure this programs; I tought about 2 things
-
The problem of the connectivity error seems to have been persistant for the
duration of the windows login - so whatever I had screwed up I think I must
have fixed, but I still have concerns... (and oodles of ideas - I could use
this same process to create a fax gateway too...)
I also wanted
The SBMLDAP howto (
http://www.idealx.org/prj/samba/smbldap-howto.en.html ) states that:
ldap machine suffix = ou=Computers
Is the correct approach to defining machines in the LDAP directory. Yet
the advise offered by this group seems to be that, no we should be using :
ldap
As a consequence, this also means, that on each server there has to be
a copy of a profile of a given user, right?
No, not right. The user roaming profile is stored only on one server.
So what is the sense of having BDCs?
So distribute the profiles. Where the user's profile is located
Does anyone have any code for inspecting Samba TDB files from Mono or
just in C#? Is the format of the TDB file documented somewhere?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Does anyone have any code for inspecting Samba TDB files from Mono or
just in C#? Is the format of the TDB file documented somewhere?
Only in the source code I'm afraid. The tdb C code would convert to
Java or C# quite easily,
Will take a look.
although I'm thinking the locking
googling arround, I found an example smb.conf containig
logon script = %m.bat
logon script = %U.bat
My question:
is it possible to have such a login script chain??
No.
A subsequent value read in the configuration overrides a previously read
value.
--
To unsubscribe from this list go to
Today, we ran a quick test which compared the volume of traffic sent
over the VPN connections to the central server from a client machine and
from my test machine. We found that the volume of data being sent and
received during the process of opening a shared folder, seeing the
contents
Did ldap machine suffix ever get fixed so that it can be in a sperate
container from ldap user suffix?
Is there any problem to be fix on samba side? I've been using separate
container for machine without any problem ( almost 8 months now)
Same, always have, never had this problem.
--
To
Did ldap machine suffix ever get fixed so that it can be in a sperate
container from ldap user suffix?
Is there any problem to be fix on samba side? I've been using separate
container for machine without any problem ( almost 8 months now)
Yes, there was a problem, and maybe still is.
OK, so what I am hearing is that:
1. It is still a problem.
2. But it isn't a Samba problem, it is an nss_ldap problem.
3. There might be some work arounds.
Possible workarounds:
A. Burry the Two OU's one deeper and do a subtree search on the parent
OU. Works but not scaleable.
I disagree
I was wondering what of this was still true?
quote
Things that samba cannot yet, but are under rapid development, are:
- Trust relationships with other domains.
? Trust accounts have existed for quite some time.
- PDC and BDC integration.
Depends on what you mean; technically, no. Very
I've set up a PPTP VPN system to provide remote access to my work
LAN, but I can't get (and cannot see how to get) computer browsing to
work for clients connecting over VPN (they cannot see any computers in,
and do not appear themselves in network neighbourhood).
You need to configure
Pls send more details about connecting FC3 machine to ADS.
Please visit
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Not only can it, it does.
See NT documentation on environment variables.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
On Thu, Dec 16, 2004 at 06:15:25AM -0600, Gerald Carter wrote:
[snip]
Binary packages are available at
http://download.samba.org/samba/ftp/Binary_Packages/
Using these packages we are seeing -
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
20589 root 16 0
Is there any way to specify multiple LDAP servers for Samba to
authenticate against?
List multiple LDAP passdb backends.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
I had been using
ldap server = myldapserver
instead of passdb backend and didn't see anything about specifying
multiple servers. Didn't know about
passdb backend = ldapsam:ldap://ldap-1.example.com
ldap://ldap-2.example.com;
This gives you redundancy, you will search the second DSA only
does anyone knows of a good HOWTO (or a book) for setting up Samba as a PDC?
ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf
I have been dealing around with the Samba HOWTO collection, but to be
honest, this is a hard job.
No, not really.
There are some
I'm in the process of building a Samba PDC for my office, and I have a
couple of questions. We have three regional offices connected via VPN.
We'd like to have network browsing across all three network, with a
single login. I was going to do a Samba machine with an LDAP backend on
the same
I setup Samba 3.09 with LDAP and everything seems to work fine. (shres,
permissions, startscripts)
But we have the following problem on Win2000 machines: If you start the
machine and Login on the domain everythings seems to go fine. Then the
startscript will be loaded and works fine.
[2004/12/24 10:59:46, 0] lib/smbldap.c:smbldap_open_connection(545)
ldap_initialize: Time limit exceeded
[2004/12/24 10:59:46, 1] lib/smbldap.c:another_ldap_try(936)
Connection to LDAP server failed for the 1 try!
[2004/12/24 10:59:47, 0] lib/smbldap.c:smbldap_open_connection(545)
I agree. This indicates a packet loss on the LAN. I would check the cables
and switches. If you can, try using a
10,000 packet flood ping from the server to a suspect host, with a 1500=byte
packet size. This is a nice quick test
of network health. Oh - a bad NIC at either end can also
I am considering marking testprns as deprecated (or just
remove it). It doesn't seem to be that useful anymore. Does
anyone use it on a regular basis and would therefore be distraught
if it were gone in a future 3.0.x release ?
Haven't used it in ages.
--
To unsubscribe from this list go
Also, the Machines and Users must be stored in the same OU.
Beneath a common OU, storing IN the same OU is not required.
It appears that
you have users stored in one OU and Computers stored in another OU. I
don't believe this is supported right now. (I believe this is because
PAM will
It appears that
you have users stored in one OU and Computers stored in another OU. I
don't believe this is supported right now. (I believe this is because
PAM will only search one OU for a UNIX user instead of multiples.)
NSS will only search one OU for account type objects; and both
It appears that
you have users stored in one OU and Computers stored in another OU. I
don't believe this is supported right now. (I believe this is because
PAM will only search one OU for a UNIX user instead of multiples.)
NSS will only search one OU for account type objects; and both
it instructs to run /sbin/splapindex -f /splapd.conf When I run this I
get the following error:
/etc/openldap/schema/samba.schema: line 423: AttributeType not found:
gidNumber
slapindex: bad configuration file!
samba.schema requires the posix/nis schema from RFC2307 to be loaded
first, this
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/nis.schema
Order
can you remote regedit from linux?
No, or at least I haven't found a way.
if so, you can execute on logon from the samba server a push of the keys,
you can even make a queue of pushes that run only once.
But this isn't GPOs. With regedit or policies you can screw up a machines
registry,
I tried changing the DN to cn=admin but that didn't work either. Could
it have anything to do with the fact that I used md5 for the password
hash?
No, the application doesn't know or care what password hash you used.
Authenticating against the password is processed internally by the DSA
I'm new to ldap. What should I set my DC's DN to, admin?
There is no answer to this question. You create an object in the Dit
for the DC to bind to, and make sure it has sufficient privilages. You
shouldn't use the OpenLDAP manager dn; that DN has the access to trash
the entire Dit.
We
Alright now that samba can talk to LDAP I have a blank slate. I know I
need to setup group mappings, but I'm a little confused about this.
Since it's an ldap backend do the groups need to have unix counterparts?
Yes, it is group mapping; you must have group to map to.
Should I use the net
On Thu, 2004-12-30 at 12:57 -0500, Paul W. Abrahams wrote:
I've gathered that there's a close connection between Samba and LDAP, but the
Samba documentation I've looked at, mainly in the SWAT help and man page,
doesn't discuss LDAP. Just what is the nature of the connection?
Your question
We are currently working on an issue of Software 2.0 Extra! magazine devoted
exclusively to programming in Linux. We want to show our readers, how to
programming in Linux and show them interesting projects about this problem.
Also we want to show them usefull tools, which make his work more
I would like to put Computer accounts in a different OU from the user
accounts.
Is this possible ?
YES. And it has been discussed many times. The archives should provide you
with a variety of answers.
I read that there is a bug regarding this and that Computer accounts can
only be
what can You advice on sharing MS Outlook Conatacs Calendar for samba
domain ?
http://www.opengroupware.org
As close as your going to get to beautiful. Outlook support is
available, but not free.
(I did some investigation on this subject, but I didn't find any beautiful
solution at all)
Both NT4 and AD have special ways to create a basic domain user, then add the
specific permission to join workstations to the domain. Can your creativity
provide that type of an implementation for Samba?
Isn't this privilages? You can muck about with them a bit with rpcclient but
they don't
Does anybody that have it working can give me a sample of what looks like a
NTConfig.POL file that changes users passwords every 45 days.
Password changing is handled by server policy, you set it using pdbedit.
--
To unsubscribe from this list go to the following URL and read the
We are trying to use Samba 3.0.10 running on FreeBSD 5.3 to replace a legacy
NT4 PDC. Our goal is to use LDAP to centralize all user information and
authentication on the network. To that end, we've set up Samba to use LDAP for
authentication of all the Windows users. This is working, but
I have setup a samba server as a domain member to share print queues.
As I'm doing print quotas, I need the users to be authenticated properly.
The setup works except that it appears that I need to add winbind to my
nsswitch.conf.
This is kind of upsetting as I don't see a reason why I have
I'm troubled in such a very simple problem I think.
I've setup a samba server (version 2.0.7) in a linux machine (distro
conectiva 6.0).
Thats a very old version of Samba
actually I just can't browse to my samba server :,(
If I don't solve this problem I may lose my job! please any help,
| I'm still having problems with that memory issue
| using 3.0.10 with v.2 of the printing patch + the
| one line patch from Jerome Borsboom. My production
| server has completely frozen a couple times in the past
| couple weeks, and did so again this morning.
| This time before restarting
Yes, I have.
It's strange for me, that removed user isn't visible under usrmgr.exe as
members of Domain Users (it's good), but when I do slapcat, I can see:
So, why are you slapcatting? The transactions hasn't been committed out
of the journal to the database. DO NOT USE SLAPCAT TO CHECK
We have a NT4 Domain in our mainoffice.
Now we have to install servers all over germany.
(About 20 locations) The offices are connectet over DSL/VPN.
We think about using samba to have a stable and inexpensive solution.
Is there a solution to use samba over a wide area network?
I'm not
= crew
cups options = raw
enable privileges = yes
load printers = no
--
Adam Tauno Williams - http://www.whitemice.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
The consensus seems to be XFS but I'm not sure how proven this filesystem is
(I know SGI have used it since Irix 6.5 but that's a different OS).
Been using it for years under Linux 2.4.x, and now 2.6.x, never had a
lick of trouble.
I need quotas and would like acls, but most of all want a
I believe you need to build it against the openldap libraries, but then
you can point it against any LDAP server you wish once it's built. Of
course I haven't tried that, but it seems to be the consensus I've found.
Yes.
--
To unsubscribe from this list go to the following URL and read
I've wondered that too. Samba gets better and this list seems to get less useful.
Excellent documentation is now available. MANY of the questions/topics
routinely posted to this list could be resolved if the posters availed
themselves of that resource.
We've implemented an extensive
I'm having a problem where I can gain the lock but the process is
still writing to the file.
If your building a 'drop box' so to speak, where a process picks up
files after they are copied in, perhaps you want to look into hooking
for application into 'fam'
http://oss.sgi.com/projects/fam/
i wanna know exactly the principal functions of ldap, if is posible send
me a example because im not very clear about this protocol with samba.
Samba uses LDAP for the same purposes/reasons everything else does - a secure,
high-performance, highly available, hierarchical data repository.
There
I'm still looking for a possible integration of MIT K5 and AFS through
the windows login, so I will ask you a question.
A first considerations is that afs+k5 works fine but we have to create a
local account with a fake password. The profile will be on the local
disk. We can gain tickets and
I remain unclear regarding Samba and LDAP.
It appears that mkntpwd is required to generate a viable sambaNTPassword and
sambaLMPassword attribute values.
No.
But I believe I read that the current
incarnation of smbpasswd can accomplish this.
Yes, this is all done via the PDB backend.
Samba schema and related indices were added and containers created.
Added user xxx to LDAP database via phpLDAPadmin and executed
smbpasswd -a xxx -D 256
Besides the does not exist issues, the attribute sambaDomainName was added.
Are there additional containers and/or attributes
Where I remain unclear is the ldap password sync flag in smb.conf. If set to
yes, does a Windows NT/2K/XP user participating with Samba3 in a workgroup
(security=user) automatically have his or her password transparently
synchronized on the Samba box the next time he or she attempts to
I updated one of my file servers to 3.0.6, and while file serving is
improved (no M$-Office file already open messages), every time I access
a printer my logs flood with messages like to those below. It seems I
can set printer properites, etc... but when I print the jobs seem to go
to
That is a good reference. But any out there on the web that are freely
available?
Dozens, if not hundreds.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Since we updated to 3.0.6 we are having an oddity that the server IP
appears in printer UNCs rather than the IP address. For instance
printer \\barbel\grdps appears in the printer status box as 192.168.1.9
on grdps. It still works, but this is both odd and unsightly. DNS
forward and reverse is
Hi , I want to understand the above terms , where can I find good
doucmentation please ?
Any decent UNIX administration text, any decent NT administration text.
Or ftp://ftp.kalamazoolinux.org/pub/pdf/CIFSnPOSIX.pdf
--
To unsubscribe from this list go to the following URL and read the
I have noticed a few people post issues with 3.0.6 and I wonder if there is
a bug somewhere? I did run a trace using ethereal - when opening files,
packets just stopped between client and server except for a few keepalives.
The samba logs didn't contain much info for my level of knowledge
We have just started to roll out Thinstation thin-clients that are
connecting to Win TSRV servers. What is being planned is 1 Terminal
Server per location. This will significantly reduce the adminstrative
nightmare on multiple Windows boxes and centralize it. However, this
is where I
Two quick questions:
1.
For a samba server what backend would produce the best performance with
samba. ldbm or bdb?
bdb performance will always be MANY ORDERS OF MAGNITUDE faster than
ldbm. And ldbm is depricated anyway.
Make sure your using a recent OpenLDAP version, not one of the
I saw the following log entry when connecting to a print share on a
Samba 3.0.7 box from a Windows 2000 client.
I assume the attempt to allocate 1Gb+ of RAM has got to be wrong?
[2004/09/14 11:07:14, 1] smbd/service.c:make_connection_snum(648)
pcladydeath (192.168.1.110) connect to service
Ive been using samba for a while, but I have no backups...
Id just like something simple and effective, with some easy way to
Restore
files...
Any quick suggestion, please?
If you have ACL support enabled on you Samba server make sure your
backup solution supports backing up meta-data
The redXs mean the connection has been dropped probably due to idle
time, this is done in order to conserve resources on the server. This
is normal.
http://support.microsoft.com/default.aspx?scid=kb;en-us;297684
http://support.microsoft.com/default.aspx?scid=kb;EN-US;138365
I even have the
I have a suggestion. I think you can partition off the groups by
putting them in sub OU's of your groups OU.
Yes, and you could partition those OUs across servers.
Alternatively you could use some Balanceing Domain Controllers with
disconnected authentication. This entails setting up
What I wanna to do is put one script on cron.daily to :
1. Clean all the files on the directories .recyycle(see below) that are
older than 15 days.
\files\production\.recycle
\files\directory\.recycle
\files\it_teste\.recycle
\files\adm\sandra\.recycle
\files\testing\piedro\.recycle
I have some reservations about fedora - I just dont know how stable it
is for a production server (our services are mainly
samba/ldap/ntp/ssh/rsync/clamav) - we have about 15 samba servers in
production currently.
RHEL - well - the cost is a factor
gentoo - takes to long to deploy
Mandrake
Hi there! Is possible to install software on the Samba Server and make users
run that software from their workstations instead of installing locally? I
know that it could take down the network perfomance but it could be useful
for some little software like 7-zip, yahoo messenger, etc...
It
1 - 100 of 493 matches
Mail list logo
